Interpreting a Security Alert

In this section, as a user connecting to the server, you verify that you have connected to the correct Web site, and that it is trustworthy.

Since the Web site was certified by your Demo CA, you need your Demo CA's self-signed certificate installed in your browser to ensure that the Web site's certificate is accepted. At this point in the tutorial, the necessary Demo CA's self-signed certificate is not installed in your browser. This is intentional so that you can see the messages that this generates.

  1. In your browser, enter https://localhost:9443.

    This uses the secure version of HTTP Echo that you created in the stage Creating a Secure HTTPS Listener.

    You could enter your machine's actual DNS host name or even its dotted decimal IP address rather than localhost. Normally, it should make no difference, but for the purposes of this tutorial, use localhost.

  2. A Security Alert is displayed. It warns you that the Web site's security certificate may not be trustworthy, and it lists what is right and what is wrong with it.

    If this tutorial has already been run and the CA certificate is still installed, you do not get this alert. You can remove the certificate and then restart this section to display the alert.

  3. Close the security alert.

This security alert indicates that you have not installed the self-signed certificate of the CA that issued this server certificate.

Note: Do not use the http-echo conversation type in production. It is intended only for connection testing.